27-07-2011, 11:34 AM
[attachment=14801]
Why Information Security?
After the boom in Networking and Software jobs, the past two years have seen a sharp rise in the field of Information Security. Information Security and Ethical hacking is the latest buzzword in the industry. In the past five years, the percentage of hacking crimes, data thefts, data losses, viruses and other cyber crimes have increased exponentially. “NASSCOM predicts requirement of 1, 88,000 professionals by the year 2008. Currently the number of security professionals in India is around 22,000.” The current demand for Information Security jobs continue to grow. With information security increasingly becoming a boardroom level concern, training and certification are becoming increasingly important for candidates and companies like. Need for Information Security in the Indian Market Security Compliance is must for all companies with IT backbone. The requirement is high with organizations in IT / ITES segment. Information workers lack of basic security knowledge. Information Security Industry is going through an exponential growth rate, current worldwide growth rate is billed at 21 %.
Introduction to Information Security And Ethical Hacking
Abstract:
Today more and more softwares are developing and people are getting more and more options in their present softwares. But many are not aware that they are being hacked without their knowledge. One reaction to this state of affairs is a behavior termed Ethical Hacking" which attempts to proactively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties. A good ethical hacker should know the methodology chosen by the hacker like reconnaissance, host or target scanning, gaining access, maintaining access and clearing tracks. For ethical hacking we should know about the various tools and methods that can be used by a black hat hacker apart from the methodology used by him. From the point of view of the user one should know atleast some of these because some hackers make use of those who are not aware of the various hacking methods to hack into a system. Also when thinking from the point of view of the developer, he also should be aware of these since he should be able to close holes in his software even with the usage of the various tools. With the advent of new tools the hackers may make new tactics. But atleast the software will be resistant to some of the tools
What is 'Information Security'?
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
The terms information security, computer security and information assurance are frequently incorrectly used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.
These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.
Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.
Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.
Should confidential information about a business' customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement.
For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.
The field of information security has grown and evolved significantly in recent years. There are many ways of gaining entry into the field as a career. It offers many areas for specialization including: securing network(s) and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics science, etc.
Information security is exactly what it says, the security of information.
Typically, this is the information that you or an organisation 'own' and process.
Applying security to information is analogous to the application of security to any physical asset.
Take for example your home or car, protecting this can be summarised as follows:
• You need to have someone responsible for your car or home (you) so that this person can set the level of security required;
• If you have two homes or cars- which one do you spend more on protecting (risk assessment) or if you have only one - what level of protection do you set (risk assessment)?
• If you get burgled, how do you know what is missing from your house or car (asset register)?
• If you are going to have staff or third parties work on your car or in your house (perhaps you run a business or work from home?) then how do you select them and what protection do you need to have in place (personnel and contract security)?
• What sort of level of physical security, in terms of locks and bolts or maybe alarms do you need to have in place, including their infrastructure (physical security)?
• If you had a computer at home that is used by the family then you need to ensure that it is all working properly and that it is properly managed and maintained - such things as backups etc. (Communications and operations management);
• If you work from home then you may not want all of the family to view your work or you may need to ensure, as a responsible parent, that your children are protected from adult or inappropriate content on the internet (access control);
• If, like many people, you do some programming, then you will want to properly test the code before putting it live on the system. You may also need to ensure that if you are testing software that you ensure there is appropriate security in place and that you don't break the law (system development and maintenance);
• If your car is stolen, what fall back do you have to allow you to travel as if you still had your car (fallback planning)?
• When running your car or maintaining your house what legal or regulatory aspects do you need to take note of and how can you prove that you are complying with them (legislative and regulatory compliance).
Historically, information security has been called a number of different things such as:
• Data security;
• IT Security;
• Computer security.
But these terms (except possibly data security) ignore the fact that the information that is held on the computers is almost always and most certainly worth many times more than the computers that it runs on.
